[crypto] Split crypto_algorithm into {digest,cipher,pubkey}_algorithm

The various types of cryptographic algorithm are fundamentally
different, and it was probably a mistake to try to handle them via a
single common type.

pubkey_algorithm is a placeholder type for now.

16 files changed, 160 insertions, 121 deletions

diff --git a/src/crypto/axtls_aes.c b/src/crypto/axtls_aes.c
index 278f9334..a19ad3c4 100644
--- a/src/crypto/axtls_aes.c
+++ b/src/crypto/axtls_aes.c
@@ -59,12 +59,12 @@ static void aes_cbc_decrypt ( void *ctx, const void *data, void *dst,
 	AES_cbc_decrypt ( &aesctx->ctx, data, dst, len );
 }
 
-struct crypto_algorithm aes_cbc_algorithm = {
+struct cipher_algorithm aes_cbc_algorithm = {
 	.name		= "aes_cbc",
 	.ctxsize	= sizeof ( struct aes_cbc_context ),
 	.blocksize	= 16,
 	.setkey		= aes_cbc_setkey,
 	.setiv		= aes_cbc_setiv,
-	.encode		= aes_cbc_encrypt,
-	.decode		= aes_cbc_decrypt,
+	.encrypt	= aes_cbc_encrypt,
+	.decrypt	= aes_cbc_decrypt,
 };
diff --git a/src/crypto/axtls_sha1.c b/src/crypto/axtls_sha1.c
index 62ff878a..841e193b 100644
--- a/src/crypto/axtls_sha1.c
+++ b/src/crypto/axtls_sha1.c
@@ -6,8 +6,7 @@ static void sha1_init ( void *ctx ) {
 	SHA1Init ( ctx );
 }
 
-static void sha1_update ( void *ctx, const void *data, void *dst __unused,
-			  size_t len ) {
+static void sha1_update ( void *ctx, const void *data, size_t len ) {
 	SHA1Update ( ctx, data, len );
 }
 
@@ -15,12 +14,12 @@ static void sha1_final ( void *ctx, void *out ) {
 	SHA1Final ( ctx, out );
 }
 
-struct crypto_algorithm sha1_algorithm = {
+struct digest_algorithm sha1_algorithm = {
 	.name		= "sha1",
 	.ctxsize	= SHA1_CTX_SIZE,
 	.blocksize	= 64,
 	.digestsize	= SHA1_DIGEST_SIZE,
 	.init		= sha1_init,
-	.encode		= sha1_update,
+	.update		= sha1_update,
 	.final		= sha1_final,
 };
diff --git a/src/crypto/chap.c b/src/crypto/chap.c
index 59b70e39..d0784d25 100644
--- a/src/crypto/chap.c
+++ b/src/crypto/chap.c
@@ -42,7 +42,7 @@
  * eventually be freed by a call to chap_finish().
  */
 int chap_init ( struct chap_response *chap,
-		struct crypto_algorithm *digest ) {
+		struct digest_algorithm *digest ) {
 	size_t state_len;
 	void *state;
 
diff --git a/src/crypto/cipher.c b/src/crypto/cipher.c
index 9c392009..f83a6d0f 100644
--- a/src/crypto/cipher.c
+++ b/src/crypto/cipher.c
@@ -2,23 +2,23 @@
 #include <errno.h>
 #include <gpxe/crypto.h>
 
-int cipher_encrypt ( struct crypto_algorithm *crypto,
+int cipher_encrypt ( struct cipher_algorithm *cipher,
 		     void *ctx, const void *src, void *dst,
 		     size_t len ) {
-	if ( ( len & ( crypto->blocksize - 1 ) ) ) {
+	if ( ( len & ( cipher->blocksize - 1 ) ) ) {
 		return -EINVAL;
 	}
-	crypto->encode ( ctx, src, dst, len );
+	cipher->encrypt ( ctx, src, dst, len );
 	return 0;
 }
 
-int cipher_decrypt ( struct crypto_algorithm *crypto,
+int cipher_decrypt ( struct cipher_algorithm *cipher,
 		     void *ctx, const void *src, void *dst,
 		     size_t len ) {
-	if ( ( len & ( crypto->blocksize - 1 ) ) ) {
+	if ( ( len & ( cipher->blocksize - 1 ) ) ) {
 		return -EINVAL;
 	}
-	crypto->decode ( ctx, src, dst, len );
+	cipher->decrypt ( ctx, src, dst, len );
 	return 0;
 }
 
diff --git a/src/crypto/crypto_null.c b/src/crypto/crypto_null.c
index 120ef0a6..8cc9217a 100644
--- a/src/crypto/crypto_null.c
+++ b/src/crypto/crypto_null.c
@@ -25,45 +25,61 @@
 #include <string.h>
 #include <gpxe/crypto.h>
 
-static void null_init ( void *ctx __unused ) {
+static void digest_null_init ( void *ctx __unused ) {
 	/* Do nothing */
 }
 
-static int null_setkey ( void *ctx __unused, const void *key __unused,
-			 size_t keylen __unused ) {
+static void digest_null_update ( void *ctx __unused, const void *src __unused,
+				 size_t len __unused ) {
 	/* Do nothing */
-	return 0;
 }
 
-static void null_setiv ( void *ctx __unused, const void *iv __unused ) {
+static void digest_null_final ( void *ctx __unused, void *out __unused ) {
 	/* Do nothing */
 }
 
-static void null_encode ( void *ctx __unused, const void *src,
-			  void *dst, size_t len ) {
-	if ( dst )
-		memcpy ( dst, src, len );
-}
+struct digest_algorithm digest_null = {
+	.name = "null",
+	.ctxsize = 0,
+	.blocksize = 1,
+	.digestsize = 0,
+	.init = digest_null_init,
+	.update = digest_null_update,
+	.final = digest_null_final,
+};
 
-static void null_decode ( void *ctx __unused, const void *src,
-			  void *dst, size_t len ) {
-	if ( dst )
-		memcpy ( dst, src, len );
+static int cipher_null_setkey ( void *ctx __unused, const void *key __unused,
+				size_t keylen __unused ) {
+	/* Do nothing */
+	return 0;
 }
 
-static void null_final ( void *ctx __unused, void *out __unused ) {
+static void cipher_null_setiv ( void *ctx __unused,
+				const void *iv __unused ) {
 	/* Do nothing */
 }
 
-struct crypto_algorithm crypto_null = {
+static void cipher_null_encrypt ( void *ctx __unused, const void *src,
+				  void *dst, size_t len ) {
+	memcpy ( dst, src, len );
+}
+
+static void cipher_null_decrypt ( void *ctx __unused, const void *src,
+				  void *dst, size_t len ) {
+	memcpy ( dst, src, len );
+}
+
+struct cipher_algorithm cipher_null = {
 	.name = "null",
 	.ctxsize = 0,
 	.blocksize = 1,
-	.digestsize = 0,
-	.init = null_init,
-	.setkey = null_setkey,
-	.setiv = null_setiv,
-	.encode = null_encode,
-	.decode = null_decode,
-	.final = null_final,
+	.setkey = cipher_null_setkey,
+	.setiv = cipher_null_setiv,
+	.encrypt = cipher_null_encrypt,
+	.decrypt = cipher_null_decrypt,
+};
+
+struct pubkey_algorithm pubkey_null = {
+	.name = "null",
+	.ctxsize = 0,
 };
diff --git a/src/crypto/hmac.c b/src/crypto/hmac.c
index 6884bde9..be0298a7 100644
--- a/src/crypto/hmac.c
+++ b/src/crypto/hmac.c
@@ -35,7 +35,7 @@
  * @v key		Key
  * @v key_len		Length of key
  */
-static void hmac_reduce_key ( struct crypto_algorithm *digest,
+static void hmac_reduce_key ( struct digest_algorithm *digest,
 			      void *key, size_t *key_len ) {
 	uint8_t digest_ctx[digest->ctxsize];
 
@@ -58,7 +58,7 @@ static void hmac_reduce_key ( struct crypto_algorithm *digest,
  * will be replaced with its own digest, and key_len will be updated
  * accordingly).
  */
-void hmac_init ( struct crypto_algorithm *digest, void *digest_ctx,
+void hmac_init ( struct digest_algorithm *digest, void *digest_ctx,
 		 void *key, size_t *key_len ) {
 	unsigned char k_ipad[digest->blocksize];
 	unsigned int i;
@@ -93,7 +93,7 @@ void hmac_init ( struct crypto_algorithm *digest, void *digest_ctx,
  * will be replaced with its own digest, and key_len will be updated
  * accordingly).
  */
-void hmac_final ( struct crypto_algorithm *digest, void *digest_ctx,
+void hmac_final ( struct digest_algorithm *digest, void *digest_ctx,
 		  void *key, size_t *key_len, void *hmac ) {
 	unsigned char k_opad[digest->blocksize];
 	unsigned int i;
diff --git a/src/crypto/md5.c b/src/crypto/md5.c
index 1fed24fc..76fb8a69 100644
--- a/src/crypto/md5.c
+++ b/src/crypto/md5.c
@@ -167,8 +167,7 @@ static void md5_init(void *context)
 	mctx->byte_count = 0;
 }
 
-static void md5_update(void *context, const void *data, void *dst __unused,
-		       size_t len)
+static void md5_update(void *context, const void *data, size_t len)
 {
 	struct md5_ctx *mctx = context;
 	const u32 avail = sizeof(mctx->block) - (mctx->byte_count & 0x3f);
@@ -224,12 +223,12 @@ static void md5_final(void *context, void *out)
 	memset(mctx, 0, sizeof(*mctx));
 }
 
-struct crypto_algorithm md5_algorithm = {
+struct digest_algorithm md5_algorithm = {
 	.name		= "md5",
 	.ctxsize	= MD5_CTX_SIZE,
 	.blocksize	= ( MD5_BLOCK_WORDS * 4 ),
 	.digestsize	= MD5_DIGEST_SIZE,
 	.init		= md5_init,
-	.encode		= md5_update,
+	.update		= md5_update,
 	.final		= md5_final,
 };
diff --git a/src/include/gpxe/aes.h b/src/include/gpxe/aes.h
index dd6e7734..bdb4b351 100644
--- a/src/include/gpxe/aes.h
+++ b/src/include/gpxe/aes.h
@@ -1,8 +1,8 @@
 #ifndef _GPXE_AES_H
 #define _GPXE_AES_H
 
-struct crypto_algorithm;
+struct cipher_algorithm;
 
-extern struct crypto_algorithm aes_cbc_algorithm;
+extern struct cipher_algorithm aes_cbc_algorithm;
 
 #endif /* _GPXE_AES_H */
diff --git a/src/include/gpxe/chap.h b/src/include/gpxe/chap.h
index a7059cdb..87e5484f 100644
--- a/src/include/gpxe/chap.h
+++ b/src/include/gpxe/chap.h
@@ -10,12 +10,12 @@
 #include <stdint.h>
 #include <gpxe/md5.h>
 
-struct crypto_algorithm;
+struct digest_algorithm;
 
 /** A CHAP response */
 struct chap_response {
 	/** Digest algorithm used for the response */
-	struct crypto_algorithm *digest;
+	struct digest_algorithm *digest;
 	/** Context used by the digest algorithm */
 	uint8_t *digest_context;
 	/** CHAP response */
@@ -25,7 +25,7 @@ struct chap_response {
 };
 
 extern int chap_init ( struct chap_response *chap,
-		       struct crypto_algorithm *digest );
+		       struct digest_algorithm *digest );
 extern void chap_update ( struct chap_response *chap, const void *data,
 			  size_t len );
 extern void chap_respond ( struct chap_response *chap );
diff --git a/src/include/gpxe/crypto.h b/src/include/gpxe/crypto.h
index 95665acc..42860a9e 100644
--- a/src/include/gpxe/crypto.h
+++ b/src/include/gpxe/crypto.h
@@ -10,21 +10,46 @@
 #include <stdint.h>
 #include <stddef.h>
 
-/** A cryptographic algorithm */
-struct crypto_algorithm {
+/** A message digest algorithm */
+struct digest_algorithm {
 	/** Algorithm name */
 	const char *name;
 	/** Context size */
 	size_t ctxsize;
 	/** Block size */
 	size_t blocksize;
-	/** Final output size */
+	/** Digest size */
 	size_t digestsize;
-	/** Initialise algorithm
+	/** Initialise digest
 	 *
 	 * @v ctx		Context
 	 */
 	void ( * init ) ( void *ctx );
+	/** Update digest with new data
+	 *
+	 * @v ctx		Context
+	 * @v src		Data to digest
+	 * @v len		Length of data
+	 *
+	 * @v len is not necessarily a multiple of @c blocksize.
+	 */
+	void ( * update ) ( void *ctx, const void *src, size_t len );
+	/** Finalise digest
+	 *
+	 * @v ctx		Context
+	 * @v out		Buffer for digest output
+	 */
+	void ( * final ) ( void *ctx, void *out );
+};
+
+/** A cipher algorithm */
+struct cipher_algorithm {
+	/** Algorithm name */
+	const char *name;
+	/** Context size */
+	size_t ctxsize;
+	/** Block size */
+	size_t blocksize;
 	/** Set key
 	 *
 	 * @v ctx		Context
@@ -38,79 +63,79 @@ struct crypto_algorithm {
 	 * @v ctx		Context
 	 * @v iv		Initialisation vector
 	 */
-	void ( *setiv ) ( void *ctx, const void *iv );
-	/** Encode data
+	void ( * setiv ) ( void *ctx, const void *iv );
+	/** Encrypt data
 	 *
 	 * @v ctx		Context
-	 * @v src		Data to encode
-	 * @v dst		Encoded data, or NULL
+	 * @v src		Data to encrypt
+	 * @v dst		Buffer for encrypted data
 	 * @v len		Length of data
 	 * @ret rc		Return status code
 	 *
-	 * For a cipher algorithm, the enciphered data should be
-	 * placed in @c dst.  For a digest algorithm, only the digest
-	 * state should be updated, and @c dst will be NULL.
-	 *
 	 * @v len is guaranteed to be a multiple of @c blocksize.
 	 */
-	void ( * encode ) ( void *ctx, const void *src, void *dst,
-			    size_t len );
-	/** Decode data
+	void ( * encrypt ) ( void *ctx, const void *src, void *dst,
+			     size_t len );
+	/** Decrypt data
 	 *
 	 * @v ctx		Context
-	 * @v src		Data to decode
-	 * @v dst		Decoded data
+	 * @v src		Data to decrypt
+	 * @v dst		Buffer for decrypted data
 	 * @v len		Length of data
 	 * @ret rc		Return status code
 	 *
 	 * @v len is guaranteed to be a multiple of @c blocksize.
 	 */
-	void ( * decode ) ( void *ctx, const void *src, void *dst,
-			    size_t len );
-	/** Finalise algorithm
-	 *
-	 * @v ctx		Context
-	 * @v out		Algorithm final output
-	 */
-	void ( * final ) ( void *ctx, void *out );
+	void ( * decrypt ) ( void *ctx, const void *src, void *dst,
+			     size_t len );
+};
+
+/** A public key algorithm */
+struct pubkey_algorithm {
+	/** Algorithm name */
+	const char *name;
+	/** Context size */
+	size_t ctxsize;
 };
 
-static inline void digest_init ( struct crypto_algorithm *crypto,
+static inline void digest_init ( struct digest_algorithm *digest,
 				 void *ctx ) {
-	crypto->init ( ctx );
+	digest->init ( ctx );
 }
 
-static inline void digest_update ( struct crypto_algorithm *crypto,
+static inline void digest_update ( struct digest_algorithm *digest,
 				   void *ctx, const void *data, size_t len ) {
-	crypto->encode ( ctx, data, NULL, len );
+	digest->update ( ctx, data, len );
 }
 
-static inline void digest_final ( struct crypto_algorithm *crypto,
+static inline void digest_final ( struct digest_algorithm *digest,
 				  void *ctx, void *out ) {
-	crypto->final ( ctx, out );
+	digest->final ( ctx, out );
 }
 
-static inline void cipher_setiv ( struct crypto_algorithm *crypto,
-				  void *ctx, const void *iv ) {
-	crypto->setiv ( ctx, iv );
-}
-
-static inline int cipher_setkey ( struct crypto_algorithm *crypto,
+static inline int cipher_setkey ( struct cipher_algorithm *cipher,
 				  void *ctx, const void *key, size_t keylen ) {
-	return crypto->setkey ( ctx, key, keylen );
+	return cipher->setkey ( ctx, key, keylen );
 }
 
-static inline int is_stream_cipher ( struct crypto_algorithm *crypto ) {
-	return ( crypto->blocksize == 1 );
+static inline void cipher_setiv ( struct cipher_algorithm *cipher,
+				  void *ctx, const void *iv ) {
+	cipher->setiv ( ctx, iv );
 }
 
-extern struct crypto_algorithm crypto_null;
+static inline int is_stream_cipher ( struct cipher_algorithm *cipher ) {
+	return ( cipher->blocksize == 1 );
+}
 
-extern int cipher_encrypt ( struct crypto_algorithm *crypto,
+extern int cipher_encrypt ( struct cipher_algorithm *cipher,
 			    void *ctx, const void *src, void *dst,
 			    size_t len );
-extern int cipher_decrypt ( struct crypto_algorithm *crypto,
+extern int cipher_decrypt ( struct cipher_algorithm *cipher,
 			    void *ctx, const void *src, void *dst,
 			    size_t len );
 
+extern struct digest_algorithm digest_null;
+extern struct cipher_algorithm cipher_null;
+extern struct pubkey_algorithm pubkey_null;
+
 #endif /* _GPXE_CRYPTO_H */
diff --git a/src/include/gpxe/hmac.h b/src/include/gpxe/hmac.h
index fd34db04..67aefdce 100644
--- a/src/include/gpxe/hmac.h
+++ b/src/include/gpxe/hmac.h
@@ -16,15 +16,15 @@
  * @v data		Data
  * @v len		Length of data
  */
-static inline void hmac_update ( struct crypto_algorithm *digest,
+static inline void hmac_update ( struct digest_algorithm *digest,
 				 void *digest_ctx, const void *data,
 				 size_t len ) {
 	digest_update ( digest, digest_ctx, data, len );
 }
 
-extern void hmac_init ( struct crypto_algorithm *digest, void *digest_ctx,
+extern void hmac_init ( struct digest_algorithm *digest, void *digest_ctx,
 			void *key, size_t *key_len );
-extern void hmac_final ( struct crypto_algorithm *digest, void *digest_ctx,
+extern void hmac_final ( struct digest_algorithm *digest, void *digest_ctx,
 			 void *key, size_t *key_len, void *hmac );
 
 #endif /* _GPXE_HMAC_H */
diff --git a/src/include/gpxe/md5.h b/src/include/gpxe/md5.h
index 304a0e64..f8976a19 100644
--- a/src/include/gpxe/md5.h
+++ b/src/include/gpxe/md5.h
@@ -1,7 +1,7 @@
 #ifndef _GPXE_MD5_H
 #define _GPXE_MD5_H
 
-struct crypto_algorithm;
+struct digest_algorithm;
 
 #include <stdint.h>
 
@@ -17,6 +17,6 @@ struct md5_ctx {
 
 #define MD5_CTX_SIZE sizeof ( struct md5_ctx )
 
-extern struct crypto_algorithm md5_algorithm;
+extern struct digest_algorithm md5_algorithm;
 
 #endif /* _GPXE_MD5_H */
diff --git a/src/include/gpxe/rsa.h b/src/include/gpxe/rsa.h
index ce15cfa0..e30e1a5a 100644
--- a/src/include/gpxe/rsa.h
+++ b/src/include/gpxe/rsa.h
@@ -1,9 +1,9 @@
 #ifndef _GPXE_RSA_H
 #define _GPXE_RSA_H
 
-struct crypto_algorithm;
+struct pubkey_algorithm;
 
-extern struct crypto_algorithm rsa_algorithm;
+extern struct pubkey_algorithm rsa_algorithm;
 
 #include "crypto/axtls/crypto.h"
 
diff --git a/src/include/gpxe/sha1.h b/src/include/gpxe/sha1.h
index 2d6e90dd..66370d42 100644
--- a/src/include/gpxe/sha1.h
+++ b/src/include/gpxe/sha1.h
@@ -3,11 +3,11 @@
 
 #include "crypto/axtls/crypto.h"
 
-struct crypto_algorithm;
+struct digest_algorithm;
 
 #define SHA1_CTX_SIZE sizeof ( SHA1_CTX )
 #define SHA1_DIGEST_SIZE SHA1_SIZE
 
-extern struct crypto_algorithm sha1_algorithm;
+extern struct digest_algorithm sha1_algorithm;
 
 #endif /* _GPXE_SHA1_H */
diff --git a/src/include/gpxe/tls.h b/src/include/gpxe/tls.h
index 182bc49d..ddec7bec 100644
--- a/src/include/gpxe/tls.h
+++ b/src/include/gpxe/tls.h
@@ -91,11 +91,11 @@ enum tls_tx_state {
 /** A TLS cipher specification */
 struct tls_cipherspec {
 	/** Public-key encryption algorithm */
-	struct crypto_algorithm *pubkey;
+	struct pubkey_algorithm *pubkey;
 	/** Bulk encryption cipher algorithm */
-	struct crypto_algorithm *cipher;
+	struct cipher_algorithm *cipher;
 	/** MAC digest algorithm */
-	struct crypto_algorithm *digest;
+	struct digest_algorithm *digest;
 	/** Key length */
 	size_t key_len;
 	/** Dynamically-allocated storage */
diff --git a/src/net/tls.c b/src/net/tls.c
index f8e5318b..024b45db 100644
--- a/src/net/tls.c
+++ b/src/net/tls.c
@@ -136,7 +136,7 @@ static void tls_generate_random ( void *data, size_t len ) {
  * @v digest_ctx	Digest context
  * @v args		( data, len ) pairs of data, terminated by NULL
  */
-static void tls_hmac_update_va ( struct crypto_algorithm *digest,
+static void tls_hmac_update_va ( struct digest_algorithm *digest,
 				 void *digest_ctx, va_list args ) {
 	void *data;
 	size_t len;
@@ -159,7 +159,7 @@ static void tls_hmac_update_va ( struct crypto_algorithm *digest,
  * @v seeds		( data, len ) pairs of seed data, terminated by NULL
  */
 static void tls_p_hash_va ( struct tls_session *tls,
-			    struct crypto_algorithm *digest,
+			    struct digest_algorithm *digest,
 			    void *secret, size_t secret_len,
 			    void *out, size_t out_len,
 			    va_list seeds ) {
@@ -409,9 +409,9 @@ static void tls_clear_cipher ( struct tls_session *tls __unused,
 			       struct tls_cipherspec *cipherspec ) {
 	free ( cipherspec->dynamic );
 	memset ( cipherspec, 0, sizeof ( cipherspec ) );
-	cipherspec->pubkey = &crypto_null;
-	cipherspec->cipher = &crypto_null;
-	cipherspec->digest = &crypto_null;
+	cipherspec->pubkey = &pubkey_null;
+	cipherspec->cipher = &cipher_null;
+	cipherspec->digest = &digest_null;
 }
 
 /**
@@ -427,9 +427,9 @@ static void tls_clear_cipher ( struct tls_session *tls __unused,
  */
 static int tls_set_cipher ( struct tls_session *tls,
 			    struct tls_cipherspec *cipherspec,
-			    struct crypto_algorithm *pubkey,
-			    struct crypto_algorithm *cipher,
-			    struct crypto_algorithm *digest,
+			    struct pubkey_algorithm *pubkey,
+			    struct cipher_algorithm *cipher,
+			    struct digest_algorithm *digest,
 			    size_t key_len ) {
 	size_t total;
 	void *dynamic;
@@ -473,9 +473,9 @@ static int tls_set_cipher ( struct tls_session *tls,
  */
 static int tls_select_cipher ( struct tls_session *tls,
 			       unsigned int cipher_suite ) {
-	struct crypto_algorithm *pubkey = &crypto_null;
-	struct crypto_algorithm *cipher = &crypto_null;
-	struct crypto_algorithm *digest = &crypto_null;
+	struct pubkey_algorithm *pubkey = &pubkey_null;
+	struct cipher_algorithm *cipher = &cipher_null;
+	struct digest_algorithm *digest = &digest_null;
 	unsigned int key_len = 0;
 	int rc;
 
@@ -524,9 +524,9 @@ static int tls_change_cipher ( struct tls_session *tls,
 
 	/* Sanity check */
 	if ( /* FIXME (when pubkey is not hard-coded to RSA):
-	      * ( pending->pubkey == &crypto_null ) || */
-	     ( pending->cipher == &crypto_null ) ||
-	     ( pending->digest == &crypto_null ) ) {
+	      * ( pending->pubkey == &pubkey_null ) || */
+	     ( pending->cipher == &cipher_null ) ||
+	     ( pending->digest == &digest_null ) ) {
 		DBGC ( tls, "TLS %p refusing to use null cipher\n", tls );
 		return -ENOTSUP;
 	}
@@ -567,8 +567,8 @@ static void tls_add_handshake ( struct tls_session *tls,
  * far.
  */
 static void tls_verify_handshake ( struct tls_session *tls, void *out ) {
-	struct crypto_algorithm *md5 = &md5_algorithm;
-	struct crypto_algorithm *sha1 = &sha1_algorithm;
+	struct digest_algorithm *md5 = &md5_algorithm;
+	struct digest_algorithm *sha1 = &sha1_algorithm;
 	uint8_t md5_ctx[md5->ctxsize];
 	uint8_t sha1_ctx[sha1->ctxsize];
 	void *md5_digest = out;
@@ -1060,7 +1060,7 @@ static void tls_hmac ( struct tls_session *tls __unused,
 		       struct tls_cipherspec *cipherspec,
 		       uint64_t seq, struct tls_header *tlshdr,
 		       const void *data, size_t len, void *hmac ) {
-	struct crypto_algorithm *digest = cipherspec->digest;
+	struct digest_algorithm *digest = cipherspec->digest;
 	uint8_t digest_ctx[digest->ctxsize];
 
 	hmac_init ( digest, digest_ctx, cipherspec->mac_secret,